Last updated: 1/23/03


by swanberg

How to generate keypairs to use with the Commercial ssh product and OpenSSH.

(This documentation was written using OpenSSH 3.4 on OpenBSD, and using SSH client 3.2.2, and not using ssh-agent)

First, install the SSH client from www.ssh.com (free for educational use). See Using the Commercial SSH Secure Shell application for more info.

Once SSH is installed, confirm that the server has the line:
RSAAuthentication yes
in the /etc/sshd_config file.

In the SSH client, choose the menu Edit -> Settings
Under Global Settings choose User Authentication -> Keys
Click on Generate New...
Click Next
Choose a Key Type of DSA and a Key Length of at least 1024, or more if possible (the longer the key, the more secure it is).
Click Next and the key will be generated. This may take a few minutes on slower machines.
Once the process has finished, click Next
Give the key a name, and a comment if you wish. You'll see this comment whenever you use the key, so don't put any sensitive data in it (like the passphrase).
Choose a good, complex passphrase and type it in.
The keys will be stored on the local hard drive. On Windows 2000, they're stored in
C:\Documents and Settings\(username)\Application Data\SSH\UserKeys
The file without an extension is the private key; the one with the .pub extension is the public key. It's critical that the private key be kept private. For extra security, move it to a USB HD or a floppy, so it's only on the computer while you're using it.
In the wizard, you're now being asked to Upload Public Key. Do so.

Here's where the complication comes in. The commercial SSH application and OpenSSH use different key formats and locations. So, in the dialog that comes up, change the destination folder from .ssh2 to .ssh.
Click Upload. The files '(name).pub' and 'authorization' will be created in the .ssh folder.
If they're not already, change the permissions to -rw------- only. (600)
Then, copy the (name).pub file to a file called 'authorized_keys2' and make sure it is 600 as well. This file is required for the OpenSSH side.

This file must now be edited to match the OpenSSH format.

The (name).pub key will look something like this:


---- BEGIN SSH2 PUBLIC KEY ----
Comment: "I typed comments here [1024-bit dsa, swanberg@(client), Thu Jan 23 2003 1\
7:08:53]"
AAAAB3NzaC1kc3MAAACBAItGfoWMfqwY3Gpt2x9Ya5zjw5DjTdRd4kpqLgCzUHN2FNZ/Zd
(snip)
pF012zTt3GLvbAZxYA==
---- END SSH2 PUBLIC KEY ----

In the 'authorized_keys2' file, replace everything before the actual key with 'ssh-dss ' and then join the rest of the key onto one line. So the final file will look something like this:
ssh-dss AAAAB3NzaC1kc3MAAACBAItGfoWMfqwY3Gpt2x9Ya5zjw5D
jTdRd4kpqLgCzUHN2FNZ/Zdy(snip)pF012zTt3GLvbAZxYA==

(Those lines should wrap, depending on your terminal. If you're using vi, use the shift-J command to join the lines, but make sure you don't leave spaces between the joined lines.)
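
The hand edit described above can also be scripted. The following Python sketch is an added example, not part of the original page: it drops the header lines (including a Comment continued with a trailing backslash), joins the key body with no spaces, and reads the key type from the key data itself. The function names and the sample key are constructed for illustration.

```python
import base64
import struct

def ssh2_to_openssh(text):
    """Turn an SSH2-format public key file into one authorized_keys2 line."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if (len(lines) < 3 or not lines[0].startswith("---- BEGIN SSH2 PUBLIC KEY")
            or not lines[-1].startswith("---- END SSH2 PUBLIC KEY")):
        raise ValueError("not an SSH2 public key file")
    body, i = [], 1
    while i < len(lines) - 1:
        line = lines[i]
        i += 1
        if ":" in line and not body:
            # Header (e.g. Comment:). A trailing backslash continues it on
            # the next line; headers are dropped from the OpenSSH form.
            while line.endswith("\\") and i < len(lines) - 1:
                line = line[:-1] + lines[i]
                i += 1
        else:
            body.append(line)
    b64 = "".join(body)                       # joined with no spaces
    blob = base64.b64decode(b64, validate=True)
    # The blob starts with a length-prefixed key type; use it as the line
    # prefix instead of typing 'ssh-dss' by hand.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if n == 0 or n > len(blob) - 4:
        raise ValueError("bad key type field")
    return blob[4:4 + n].decode("ascii") + " " + b64

def constructed_sample():
    # Constructed input: a genuine "ssh-dss" type field followed by filler
    # bytes. It has the right shape but is not a usable DSA key.
    blob = struct.pack(">I", 7) + b"ssh-dss" + bytes(range(200))
    b64 = base64.b64encode(blob).decode("ascii")
    body = "\n".join(b64[j:j + 70] for j in range(0, len(b64), 70))
    return ("---- BEGIN SSH2 PUBLIC KEY ----\n"
            'Comment: "constructed sample [1024-bit dsa, user@client, 1\\\n'
            '2:00:00]"\n'
            + body + "\n---- END SSH2 PUBLIC KEY ----\n")

if __name__ == "__main__":
    print(ssh2_to_openssh(constructed_sample()))
```

A body line that still contains a space or a stray header fails the base64 check, which catches the join mistake the vi note warns about.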

Once that is edited, the SSH client should use pubkey authentication. The same keys will be used by the command-line tools scp2.exe, sftp2.exe and ssh2.exe, found in the SSH Secure Shell directory on the client.
Running any of the commands from a Windows command prompt, followed by /?, will give a list of the options available.

For example:
"c:\program files\ssh secure shell\scp2" /?

Well, this file is a bit messy, but I just threw it together. Any questions, please contact me.



Copyright © 2002 by the Regents of the University of Minnesota
Author: Karen Swanberg, Department of Geology and Geophysics, University of Minnesota.
This presentation, as well as Information in this presentation, may be used in whole or in part as long as the original source and author is credited on the displayed page (I.e. not in the metadata of a webpage) and a link is made back to the original.
